General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.12978.15434

  • Size

    638KB

  • Sample

    231210-ty2tzshde9

  • MD5

    ebb74a0fae5bf676cc2db601c2524ece

  • SHA1

    53194206f72983e5cdc408a885c8b549c395e286

  • SHA256

    f3e9ff06f04b6f3fce67e3ae02f89eb6f006ae95391105703abded87bc53f362

  • SHA512

    b98cdaf7b00d19ccb074939d8b1a378937e41b9f38219de88c1166ef7643687341df8c72b6159cd59084b4db1a0fbf15ae91bebce8043bbceeabe8f287410ec2

  • SSDEEP

    12288:LkBgOWP6i9oGpby1sTr55RxD0yaxc0q64ZKNWqAzLuMC2jDTDPGNnjl:gCMGpSsTr55R90yaSF64wNWxzaV2jD3G

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.12978.15434

    • Size

      638KB

    • MD5

      ebb74a0fae5bf676cc2db601c2524ece

    • SHA1

      53194206f72983e5cdc408a885c8b549c395e286

    • SHA256

      f3e9ff06f04b6f3fce67e3ae02f89eb6f006ae95391105703abded87bc53f362

    • SHA512

      b98cdaf7b00d19ccb074939d8b1a378937e41b9f38219de88c1166ef7643687341df8c72b6159cd59084b4db1a0fbf15ae91bebce8043bbceeabe8f287410ec2

    • SSDEEP

      12288:LkBgOWP6i9oGpby1sTr55RxD0yaxc0q64ZKNWqAzLuMC2jDTDPGNnjl:gCMGpSsTr55R90yaSF64wNWxzaV2jD3G

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks